search

signalapp / Signal-Desktop

A private messenger for Windows, macOS, and Linux.
https://signal.org/download
GNU Affero General Public License v3.0
14.16k stars 2.57k forks source link

Windows: Signal uninstaller deletes user data when uninstalling application. #6910

Closed nabeelr closed 4 days ago

nabeelr commented 2 weeks ago

Using a supported version?

Overall summary

When running the Signal uninstaller, not only is application data removed, but user data is also removed.

User data is generally never deleted by uninstallers. In the few exceptions where this is not the case, users are typically explicitly warned or offered to remove their personal user data during the uninstall process.

Neither of these things happened when uninstalling Signal.

User data integrity should be a core concern of a secure messaging app.

Steps to reproduce

  1. Set up Signal
  2. Link to your mobile app.
  3. Use Signal and allow a history of messages to build up on your Desktop app.
  4. Uninstall Signal
  5. Reinstall Signal
  6. Open Signal to see all data is gone.

Expected result

User data should NEVER be mishandled, or deleted without the users explicit permission.

Actual result

In attempting to address an unrelated bug within Signal, an older version that was listed as also being installed along side the current version, was uninstalled. Unbeknownst to me the user, this was simply a second entry denoting an older version number, of the existing up-to-date install. Upon reinstalling Signal, I discovered that all my user data was gone, without ever being prompted to remove it.

See #3654 and #6887

Screenshots

No response

Signal version

7.11.1

Operating system

Windows 11 23H2

Version of Signal on your phone

7.8.1

Link to debug log

No response

indutny-signal commented 4 days ago

@nabeelr thank you for the report! We looked into the uninstall process on Windows and looks like when uninstalling Signal there is a confirmation modal saying: "The app and its related info will be uninstalled." Only if you press the "Uninstall" button below that text - Signal Desktop and your message history does get actually removed from disk. Thus the result of clean reinstall with no messages is not unexpected...

Now in your particular case sadly there was some leftover registry data that resulted in two separate apps shown for an actual single on-disk instance of the app. We are aware of this issue, but don't currently have a fix for it yet. We believe that this affects only computers where Signal was installed long time ago (>3 years). Let me know if this wasn't the case for you!

All in all, deleting all message history on uninstall is a desired behavior in this situation and fairly typical for other applications as well.

nabeelr commented 4 days ago

Hi @indutny-signal Yes, I saw that dialog box and my understanding of it as I'm sure most people's understanding of it would be that it was removing all the application data. "The app and its related info will be uninstalled." notice how "app" is specifically called out, however user data is not.

I don't think any rational person would read this message and think that they would lose their messages and their user data. I certainly didn't.

When you uninstall Microsoft word, it doesn't go through and delete all the word files out of your documents folder.

When you uninstall call of duty or valheim, it doesn't go through and delete all your save game data from your app data folder or your documents folder.

When you uninstall Nvidia drivers, it doesn't remove your display configuration files from wherever they're stored.

I'd be hard pressed to think of a scenario where uninstalling an application will delete user data.

The dialog box needs to to be made clear.